Home
Similarly, every output generated by the web application is filtered and modified by the library. The main task is to append JavaScript code to the generated output. This is done by output buffering in PHP. Along with this, <noscript> information is appended for browsers that do not support JavaScript.
Note: We support nojs as well; check the nojs branch for this. However, it's advised to use the master version if your web app requires JavaScript to be enabled in the client browser. See why?
The JavaScript code attached to the HTML output makes sure the token is attached to every request (for which a token is required by the server).
Note: Currently CSRFP validates every POST request and those GET requests for which URL patterns are allowed as per configuration.
JavaScript code works well with:
- Static form elements (<form>)
- Dynamically generated forms
- AJAX requests (XHR or XMLHttpRequest)
- Static URLs (if allowed by configuration rules)
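
The AJAX case from the list above, combined with the POST/GET rule in the note, as an added example that is not the project's own csrfprotector.js. The token name `csrfp_token`, the RegExp rule format, the helper names, and the transport (a request header on POST, a query parameter on GET) are assumptions made for this sketch; `FakeXHR` is a constructed stand-in so the code runs outside a browser.

```javascript
// Added illustration, not the project's csrfprotector.js.
// TOKEN_NAME, the RegExp rule format and the transport (header on POST,
// query parameter on GET) are assumptions made for this sketch.
const TOKEN_NAME = "csrfp_token";

// Every POST needs a token; a GET needs one only when its URL matches
// a configured pattern. Other methods are left alone.
function needsToken(method, url, getRules) {
  const m = String(method).toUpperCase();
  if (m === "POST") return true;
  return m === "GET" && getRules.some((re) => re.test(url));
}

// Insert the token into the query string, ahead of any #fragment.
function addTokenToUrl(url, token) {
  const hash = url.indexOf("#");
  const base = hash === -1 ? url : url.slice(0, hash);
  const frag = hash === -1 ? "" : url.slice(hash);
  const sep = base.includes("?") ? "&" : "?";
  return base + sep + TOKEN_NAME + "=" + encodeURIComponent(token) + frag;
}

// Wrap open()/send() on an XMLHttpRequest-like class so every request
// made through it carries the token without changes to calling code.
function protectXHR(XHRClass, getToken, getRules) {
  const { open, send } = XHRClass.prototype;
  XHRClass.prototype.open = function (method, url, ...rest) {
    this._csrfpPost = String(method).toUpperCase() === "POST";
    if (!this._csrfpPost && needsToken(method, url, getRules)) {
      url = addTokenToUrl(String(url), getToken());
    }
    return open.call(this, method, url, ...rest);
  };
  XHRClass.prototype.send = function (body) {
    // Headers can only be set between open() and send().
    if (this._csrfpPost) this.setRequestHeader(TOKEN_NAME, getToken());
    return send.call(this, body);
  };
}

// Constructed stand-in for the browser's XMLHttpRequest (runs offline).
class FakeXHR {
  constructor() { this.headers = {}; }
  open(method, url) { this.url = url; }
  setRequestHeader(name, value) { this.headers[name] = value; }
  send(body) { this.body = body; }
}
protectXHR(FakeXHR, () => "constructed-token", [/^\/account\/delete/]);
```

In a browser the same wrapper would be applied to `XMLHttpRequest` itself, with `getToken` reading whatever token the server issued for the session.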
Here is a list of our resources you may need to deploy/integrate CSRFP in your web application
PS: The wiki is still under development. Please create a GitHub issue for any correction.